Sr IT Controls & Risk Specialist

Hybrid in Northbrook, IL, US • Posted 60+ days ago • Updated 2 hours ago

Full Time

On-site

USD $96,200.00 - 144,560.00 per year

Medline Industries, LP

Fitment

Dice Job Match Score™

👤 Reviewing your profile...

Job Details

Skills

Drawing
Payment Card Industry
Documentation
Stakeholder Engagement
Technology Assessment
Evaluation
Communication Planning
Communication
Relationship Building
Legal
Collaboration
Information Technology
Business Administration
Internal Control
Risk Management
NIST 800-53
PCI DSS
Web Services
SaaS
Management
IT Risk Management
IT Risk
Information Security
Leadership
CISA
CISM
ISACA
CISSP
IT Governance
ITIL
Privacy
Auditing
Organizational Skills
Knowledge Base
Infographics
Knowledge Management
Budget
Reporting
Information Governance
Data Security
Change Management
SAP Security
SAP GRC
Regulatory Compliance
Training
Health Insurance
Forms
Linear Programming

Summary

Job Summary

Medline is looking for a Senior IT Controls & Risk Specialist to play a critical role in establishing and managing an IT controls framework for the enterprise. Reporting to the IT Controls & Risk Manager, this position will lead the design, development, and implementation of information and technology risk management policies, standards, processes, and best practices and drive adoption through effective enterprise change management, education and awareness. Additionally, the specialist will evaluate the compliance of new and existing technology solutions against applicable controls.

Job Description

MAJOR RESPONSIBILITIES

Controls Framework Design, Implementation, and Management

Control Framework Development: Analyze, design, create, and maintain a unified IT controls framework drawing from leading industry frameworks and applicable regulatory requirements (e.g. NIST CSF, CIS, HITRUST, PCI, etc.)
Documentation: Create comprehensive documentation for the controls framework, including risks, control objectives, and implementation guidelines. Align with existing enterprise policies and develop policies to fill identified gaps.
Stakeholder Engagement: Collaborate with cross-functional teams to ensure stakeholder buy-in and alignment with organizational risk tolerance.

Technology Evaluation and Risk Management

Compliance Evaluation: Assess new and existing technologies for compliance with applicable controls.
Risk Register Management: Maintain a risk register to manage non-compliance and track remediation efforts.
Tool Administration: Lead the configuration of GRC tools used for IT risk management processes.

Awareness and Education

Material Development: Develop tailored written and verbal awareness materials for different audiences, supporting user education initiatives.
Drive communication campaigns to ensure employee adoption using metrics to measure and track success.

Communication and Cross-Functional Collaboration

Communication Planning: Execute a communication plan for impacted audiences when process and policy changes are made.
Relationship Building: Build trusted relationships with IT Compliance, Information Security, Legal, and Corporate Compliance teams to ensure message alignment and cross-functional collaboration.

MINIMUM JOB REQUIREMENTS

Education

Bachelor's Degree in Information Technology, Information Security, Risk Management, Business Administration, or related field. Or equivalent combination of education, professional certifications, and relevant work experience.

Certification / Licensure

None required.

Work Experience

3+ years professional experience within IT Controls and Frameworks, IT Risk Management, IT Internal Controls, or related GRC field.

Knowledge / Skills / Abilities

Experience developing or maintaining a controls-based IT compliance framework
Experience evaluating or auditing web-based software technologies against company or regulatory requirements
Experience deploying or supporting risk management, compliance, information security, information governance, or privacy programs across a large enterprise
In-depth understanding of NIST CSF, CIS, NIST 800-53, HITRUST, CMMC, PCI DSS, or similar frameworks. Ability to describe framework scope, composition, and implementation strategies.
Familiar with the technical components of software technologies, including APIs, web services, and common web and cloud application integration and architecture patterns
Experience with modern GRC tools and other technologies supporting IT risk management activities
Experience applying change management methodologies to support IT risk management initiatives
Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood
Proven ability to effectively interact with, manage, and influence cross-functional teams and partners

PREFERRED JOB REQUIREMENTS

8+ years of professional experience in Technology Risk, Information Security, or leadership role in a technical area within a highly regulated industry.

Certification / Licensure

Certification in relevant GRC discipline (e.g., CISA, CISM, CRISC, CISSP, CGRC) or IT governance frameworks (e.g., ITIL).

Knowledge / Skills / Abilities

Experience implementing or using AuditBoard CrossComply, AuditBoard ITRM, or other TPRM, Privacy, or GRC tools
Participation in IT compliance and audit processes
Experience organizing process information and technical concepts into a knowledge base for wider audience consumption, leveraging diagrams or infographics and knowledge management tools
Experience driving successful, insight-based, creative communications plans that deliver against program objectives, on time and within budget
Experience deploying policy or technology changes across a large enterprise and measuring and reporting program process over time.
Understanding of fundamental Information Governance concepts (e.g., records retention, data protection, data handling)
Knowledge of enterprise change management methodologies
Familiarity with SAP security model and its integration with GRC products
Familiarity with M365 governance and compliance settings

Medline Industries, LP, and its subsidiaries, offer a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.

The anticipated salary range for this position:

$96,200.00 - $144,560.00 Annual

The actual salary will vary based on applicant's location, education, experience, skills, and abilities. This role is bonus and/or incentive eligible. Medline will not pay less than the applicable minimum wage or salary threshold.

Our benefit package includes health insurance, life and disability, 401(k) contributions, paid time off, etc., for employees working 30 or more hours per week on average. For a more comprehensive list of our benefits please click here. For roles where employees work less than 30 hours per week, benefits include 401(k) contributions as well as access to the Employee Assistance Program, Employee Resource Groups and the Employee Service Corp.

We're dedicated to creating a Medline where everyone feels they belong and can grow their career. We strive to do this by seeking diversity in all forms, acting inclusively, and ensuring that people have tools and resources to perform at their best. Explore our Belonging page here.

Medline Industries, LP is an equal opportunity employer. Medline evaluates qualified individuals without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, age, disability, neurodivergence, protected veteran status, marital or family status, caregiver responsibilities, genetic information, or any other characteristic protected by applicable federal, state, or local laws.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: 10116711
Position Id: R2510088
Posted 30+ days ago

Company Info

About Medline Industries, LP

Information Technology at Medline

Medline Industries, LP is the leading nationwide supplier of medical, surgical, and pharmaceutical products to hospitals, nursing homes, HME providers, surgery centers, physician offices and homes care/hospice settings.

Information Technology (IT) at Medline encompasses all our technology focused roles within a 650+ employee division. IT is a driving force behind Medline’s applications, security, systems support and more. Our employees take a customer-focused approach to understand the business’ requirements and translate that into a tech-based solution.

Medline's Information Technology department works to provide the company and its employees with the best technology infrastructure, support, development, procurement, services, and technology innovation management. Primary focus areas include multi-tier help desk support, data protection and security, project management and development, eCommerce development, software and hardware procurement and maintenance, and network infrastructure management.

Areas of Focus:

• Cybersecurity: Security Analyst, Cloud Security Engineer

• Infrastructure: Database Administrator, Linux/System Administrator, Cloud Engineer

• Applications (SAP, Manufacturing, WMS): Systems Analysts (SAP), Developers (.NET, Java)

• E-Commerce: Developers (UI/Java), QA/Software Testing, DevOps, Business Systems Analysts

• Automation/Business Intelligence: Automation Engineers, Data Scientists, Data Engineer, BI Developers, BI Systems Administrators

• Architecture, PMO, Information Governance: Architects (Applications, Solutions, Enterprise), Project Managers

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.